원문정보
초록
영어
This paper presents a network intrusion detection system, which is categorized as a type of signature-based detection method. A domain specific language, called isDSL, is developed as a means of declaring intrusion signatures. The isDSL rule syntax is defined based on the structure of TCP/ IP stack, and the sign of attack is prescribed as a combination of properties and values that could span across the packets or TCP/IP layers. The prototype of intrusion detection system has been implemented. It consists of three major components: 1) isDSL par-ser, 2) Traffic monitor, and 3) Network intrusion detector. The isDSL parser supports the parsing of the intrusion conditions prescribed in a rule script into a set of rule structures used for matching with the network intrusion packets. Traffic monitor is the engine responsible for capturing the network packets and storing them in the buffer for further inspection. The Net-work intrusion detector applies the genetic algorithm for searching malicious states on net-work traffics. Preliminary experiments were conducted to study the performance of the pre-sented approach. The findings reported that the application of genetic algorithm for search-ing the signs of security breaches against declarative rules would be efficient and promising.
목차
1. Introduction
2. Background
2.1. Intrusion Detection System (IDS)
2.2. Domain Specific Language (DSL)
2.3. Genetic Algorithm (GA)
3. Design of isDSL
3.1. Transmission Control Protocol/ Internet Protocol (TCP/IP)
3.2. isDSL Rule Syntax
3.3. isDSL Rule Verification
4. Implementation
4.1. isDSL Parser
4.2. Traffic Monitoring Engine
4.3. Network Intrusion Detection Engine
5. Preliminary Experiments
6. Conclusion
References